Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added Edward and EDDSA in Key types and algorithms section

This article provides installation requirements and interoperability data for Nexus OCSP Responder.

Expandall

Requirements

Expand
titleHardware



Minimum
CPUQuad Core 2.4 GHz
Disk size

20 GB

Memory4 GB RAM

HSM

64-bit PKCS#11-driver

Nexus OCSP Responder scales well with a server of multiple cores. More memory can be required when many logical responders are hosted in a single server instance and large CRLs are loaded by the responder. For load tests, also consider the HSM performance to not introduce a bottle-neck. Performance is affected by the Nexus OCSP Responder signing key length.


Expand
titleOperating systems

The following operating systems are supported:

  • CentOS 7, 8
  • Red Hat Enterprise Linux 7, 8
  • SUSE Linux Enterprise Server 15
  • OpenSUSE Leap 15
  • Microsoft Windows 2012 Server
  • Microsoft Windows 2016 Server
  • Microsoft Windows 2019 Server


Expand
titleSoftware

The following software is supported:

  • 64-bit Java Runtime Environment (JRE) version 11.
  • Nexus OCSP Responder is compatible with both OpenJDK and Oracle Java.


Expand
titleTime synchronization

It is important that all participants in a PKI use the same time standard. Specifically Nexus OCSP Responder has to agree on the time with the CAs issuing CRLs/CILs and with the OCSP clients.

Make sure these clocks are synchronized, that is, the participants are using a synchronization protocol such as Network Time Protocol, NTP.

Interoperability

Expand
titleHardware Security Modules

Excerpt Include
Supported hardware security modules (HSM) in Certificate Manager
Supported hardware security modules (HSM) in Certificate Manager
nopaneltrue


Expand
titleKey types and corresponding signature algorithms

The following key types and corresponding signature algorithms in certificate, CA, CRL, CIL, and responder certificate are supported:

Key types

  • RSA
  • RSASSA-PSS
  • EC
  • Edward

Algorithms

  • SHA-1
  • SHA-2
  • ECDSA
  • EDDSA


This article is valid from Nexus OCSP Responder 6.1.

Related information